A Holistic Approach to Securing the Perimeter

When we talk about external cyber defense, what do we mean exactly?

In a recent webinar, our team discussed just that. External cyber defense means having an awareness of vulnerabilities within your external network and having actionable information to mitigate them. These days, your attack surface is everywhere. This includes everything that stands outside your traditional internal IT perimeter, third parties that make up your supply chain, and the corporate brand assets that exist outside of your network. Maximizing your visibility and being aware of possible threats and mitigating before they happen represents a shift from being reactive to proactive, keeping you one step ahead of the criminals. But how do you start moving toward this proactive approach?

A Third-Party Ecosystem Focus

When an organization solely focuses on its internal network, it’s challenging to be proactive to outside threats. There's an entire space that exists between you and threat actors that deserves your attention: your third-party ecosystem.

Now more than ever, just about everything having to do with business processes, from human resources to billing, is transmitted or stored digitally. No matter your organization’s size, when you engage with third parties, you take on their vulnerabilities as your own. It’s critical to know where you stand. It’s also critical to know where vendors stand in how they engage with you and how they handle your data, information, employees, infrastructure, and physical buildings. When you don’t know what you don’t know, you leave your organization open to vulnerabilities.

To address this challenge, a holistic approach can help identify vulnerability areas that are exploitable. By using a process called footprinting, the BlueVoyant team looks at all of the IP domains and any infrastructure assets that are attributed to your company — including third parties in your ecosystem —to get a complete picture of your attack surface. We then flesh out all assets in your footprint, and all the assets in your third-party ecosystem, in order to identify all exploitable vulnerabilities.

Securing What You Have While Balancing Resources

Every organization has blind spots, and addressing one vulnerability won’t fix the others. In many cases, employees and customers are the first line of defense — and they often fail to meet the moment. A single successful phishing attempt — from a phishing email targeting an employee to a cloned version of your website used to collect credentials and personally identifiable information (PII) — can be devastating both financially and in terms of the company’s reputation. Continuous monitoring is critical. Threat actors are constantly learning every single time they conduct activities against a target’s network, and using that knowledge to possibly gain access or detect an exploitable vulnerability. Threat actors may also save a zero day for a high-value target, and unfortunately you cannot detect a zero day because by nature zero days are not detectable. This may be the full-time job of many threat actors, but it’s not the same for many companies.

So how do you stay on top of all of this? Once you have a good understanding of your ecosystem, you then need to face the challenge of identifying the vulnerabilities and scaling the effort to secure it. Balancing resources to address cyber defense and proactive defensive posturing, rather than scrambling to pay for cyber remediation, is a sound business decision.

You are truly only as secure as the weakest link within your ecosystem. As you scramble to plug holes, threat actors could be adapting and learning more about your network than even you know, and implementing new penetrative activities constantly. The idea of moving from a reactive to proactive security posture is a game changer in this current climate, because you can get out ahead of some of these vulnerabilities or new attack methods before they even occur. As threat actors advance, they're learning more about your organization and its weaknesses every single day. The only answer to that is to go out and learn more about them through threat hunting and determining what drives them out, as well as their motives and methodologies, and their tactics, techniques, and procedures.

If you can see beyond your perimeter and identify threats that are coming down the pipeline toward your organization or your vendors, you can take defensive action much sooner.

Catch up on the webinar to hear the full approach to combining elements from first-party digital risk and third-party cyber risk management to create a holistic external defense solution.

Lorri Janssen-Anessi is the director of external cyber assessments at BlueVoyant.